From 11d7b71959e844d427d77c8fec46b22082675948 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Tue, 7 Jan 2020 20:26:56 +0100
Subject: [ticket/16296] Adjust form token check for mark actions

PHPBB3-16296
---
 phpBB/includes/ucp/ucp_pm.php | 10 +++++-----
 phpBB/includes/ucp/ucp_pm_viewfolder.php | 4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'phpBB/includes/ucp')

diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index 00d1ce7149..3f982c8dd0 100644
--- phpBB/includes/ucp/ucp_pm.php
+++ phpBB/includes/ucp/ucp_pm.php
@@ -209,14 +209,14 @@ class ucp_pm
 $submit_mark = false;
 }
- if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view'))
- {
- trigger_error('FORM_INVALID');
- }
-
 // Move PM
 if ($move_pm)
 {
+ if (!check_form_key('ucp_pm_view'))
+ {
+ trigger_error('FORM_INVALID');
+ }
+
 $move_msg_ids = (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array();
 $cur_folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index ce40a2507d..4b6377e0b7 100644
--- phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -32,7 +32,7 @@ function view_folder($id, $mode, $folder_id, $folder)
 $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
- add_form_key('ucp_pm_view_folder');
+ add_form_key('ucp_pm_view');
 if (!$submit_export)
 {
@@ -199,7 +199,7 @@ function view_folder($id, $mode, $folder_id, $folder)
 $enclosure = $request->variable('enclosure', '');
 $delimiter = $request->variable('delimiter', '');
- if (!check_form_key('ucp_pm_view_folder'))
+ if (!check_form_key('ucp_pm_view'))
 {
 trigger_error('FORM_INVALID');
 }
--
cgit v1.2.3-18-g5258
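Review bot: In phpBB/includes/ucp/ucp_pm.php (hunk at line 209) the `$submit_mark` path is no longer covered by any `check_form_key('ucp_pm_view')` call visible in this hunk, because the check now sits only inside `if ($move_pm)`. The code that handles mark actions lies outside the hunk, so the diff alone does not show whether every state-changing mark action validates a token of its own, through a confirmation step or its own form-key check; that should be verified before merging. Once confirmed, a comment above the move branch would record the intent, e.g. `// Mark actions validate their own token in the mark handler; only moving is checked here.` If any mark action changes state without a confirmation step, its branch needs the same three-line `check_form_key('ucp_pm_view')` / `trigger_error('FORM_INVALID')` guard that was added for moving.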
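Review bot: In phpBB/includes/ucp/ucp_pm_viewfolder.php both hunks (lines 32 and 199) now rely on the literal `'ucp_pm_view'` matching the name checked in ucp_pm.php, and nothing in the code states that coupling. A later rename at only one site would make valid submissions fail with FORM_INVALID. I would add a comment at the `add_form_key` call, e.g. `// Key name must match check_form_key() in ucp_pm.php (move) and the export check below.` Sharing one key also means a token issued for the folder view is accepted by both the export branch and the move check; that appears intended but is worth stating in the commit description. The body of view_folder starts and ends outside both hunks.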